Okay I am stumped.
I am trying to write some PHP code to create a user in active directory with a password.
The PHP will run an Ubuntu server if it makes any difference talking to a Server 2008r2 Windows Domain Controller.
I can create the user no problems using PHP but I can not set the password. I have tried what feels like every possible code on the internet but it just will not work.
I believe that I have to create the user and then modify the password after. As a result I have the following code.
$domadlogin = 'domainadminusername';
$domadpw = 'a2b3c4d5e';
$domctrl = 'ldaps://DCIPADDRESS';
$ldapServer = $domctrl;
$ldapBase = 'OU=Users,DC=example,DC=co,DC=uk';
$ds = ldap_connect($ldapServer);
if (!$ds) {die('Cannot Connect to LDAP server');}
$ldapBind = ldap_bind($ds,$domadlogin,$domadpw);
if (!$ldapBind) {die('Cannot Bind to LDAP server');}
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
$dn_user='CN=Test User,OU=New Users,OU=Users,DC=example,DC=co,DC=uk';;
$newPassword = "1.Password!";
$newPassword = "\"" . $newPassword . "\"";
$len = strlen($newPassword);
for ($i = 0; $i < $len; $i++)
{
$newPassw .= "{$newPassword{$i}}\000";
}
$newPassword = base64_encode($newPassw);
$userdata['unicodePwd'] = $newPassword;
$result = ldap_modify($ds, $dn_user, $userdata);
if ($result) echo "User modified!" ;
else echo "There was a problem!";
ldap_unbind($ds);
I know that LDAPS is working as this works
ldapsearch -x -d 2 -LLL -H ldaps://DCIPADDRESS -b 'OU=Users,DC=example,DC=co,DC=uk' -D 'domainadminusername' -W '(sAMAccountName=username)'
Can anyone tell me what I am doing wrong.
Thanks